@djh this may be why you are seeing this error. You may well find adding nodes by the palette manager fails as well.
Agreed but that may not work if the SD image has been first installed via apt-get.
I note from that (NR) page the manual install command recommended is sudo apt-get install npm && sudo npm i -g npm. However, I think that installing npm by npm leaves you with npm that can be used without elevated privileges (but I could be wrong as I do not use Raspbian anymore) - I do remember having exactly the issue described above in the early days of node-red and it was traced to how I had installed it in the first place.
I think you are conflating 2 issues; apt-get install adds a tool to the base OS system - this requires elevated permissions. npm is such a tool that, once added, allows you to add nodes either globally (available to all users) or locally (just one user). You shouldn’t need sudo to use npm to install nodes (either locally or globally). Note the exception is that you need elevated permissions when using npm to install npm (and no I don’t understand that either…).
Using the approved install script, I believe, Node-Red will generally be installed using npm without elevated privileges.
Interestingly, despite what the NR docs say, using the script to install NR results in NodeJS v10 being installed (according to the text in the script itself)!
I don’t think I am conflating issues, and I note that you haven’t answered my questions, which I think would make the issue clear. Once you’ve answered them, it might be worth discussing further. I’m not using apt-get because I’m not on a debian-based system.
Running npm is not actually installing something into the OS. It is adding a node to the nodejs installation (NPM = Node Package Manager). Think of it as a command line version of the NR pallet manager (which actually is exactly what it is).
Depends whether you run npm with the -g (global) flag (and what your system has defined as the location for these nodes) or where you are running it from.
Well that is far too big a question to be able to answer. Depends on what permissions the use has on that system for a starter. Remember, nodejs is not really designed to be used on a multi user system - if often complains when used by a single user (as you have discovered).
I know that. It is still installing software that can run on the machine, and is exposing it to attack via the CVEs for node.js.
Ah, you noticed. Now I said that on my system that is /usr/local/lib so DOES NEED ROOT PERMISSION as I keep saying. My question is where are YOU installing it?
No, it isn’t. It’s an absolutely fundamental question to ask and answer satisfactorily before installing any software on any machine. node.js is very much intended for use on multi-user systems - inside the browser, where it causes no end of grief.
What you’re recommending is to ignore basic security practice; not even think about it.